X-Frame-Options Header

Yellowfin FAQ shared this problem 13 months ago
Resolved

I've received a finding that Yellowfin isn't using X-Frame-Options: DENY in the HTTP Headers.

Comments (1)


This can be resolved at the Tomcat level by implementing HTTP Header Security (Tomcat 8+). Simply add the following to <YellowfinInstall>/appserver/webapps/ROOT/WEB-INF/web.xml inside the <web-app> tag:

  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

- Ryan
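
A check for the change described in the comment above, as an added example that is not part of the original thread or Yellowfin's own tooling: it parses a web.xml and confirms that Tomcat's HttpHeaderSecurityFilter is declared, mapped to /*, and left at DENY. The function name and the sample document are constructed for illustration; the init-param names and their defaults (anti-clickjacking enabled, option DENY) are those of Tomcat's filter.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

# Constructed sample: the snippet from the comment inside a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

def _local(tag):
    # web.xml normally declares a default namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [(c.text or "").strip() for c in elem if _local(c.tag) == name]

def audit_web_xml(xml_text):
    """Hypothetical helper: return (ok, detail) for the anti-clickjacking setup."""
    root = ET.fromstring(xml_text)
    names, params = set(), {}
    for f in (e for e in root if _local(e.tag) == "filter"):
        if FILTER_CLASS in _texts(f, "filter-class"):
            names.update(_texts(f, "filter-name"))
            for p in (e for e in f if _local(e.tag) == "init-param"):
                key, val = _texts(p, "param-name"), _texts(p, "param-value")
                if key and val:
                    params[key[0]] = val[0]
    if not names:
        return False, "HttpHeaderSecurityFilter is not declared"
    mapped = any(
        names & set(_texts(m, "filter-name")) and "/*" in _texts(m, "url-pattern")
        for m in root if _local(m.tag) == "filter-mapping"
    )
    if not mapped:
        return False, "filter is declared but not mapped to /*"
    # Tomcat defaults when no init-param is given: enabled=true, option=DENY.
    if params.get("antiClickJackingEnabled", "true").lower() != "true":
        return False, "antiClickJackingEnabled is switched off"
    option = params.get("antiClickJackingOption", "DENY").upper()
    return option == "DENY", "X-Frame-Options: " + option
```

Run it against the deployed web.xml after the edit and after any Yellowfin upgrade that may replace the file; a result other than DENY means the scanner finding will come back.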